Hello, as a new member I'm not sure I've handled things correctly, if so please advise. Creating a new topic, instead of hijacking an existing one, was potentially less offensive.

I've noticed that there has been a recent surge of "legitimate" malware attack vectors. In this instance I'm defining "legitimate" as either using a hacked certificate and/or taking advantage of a real software application's limitations to inject a malware payload of some sort. This has me concerned.

I've read through ssj100's security setup topic and understand it in broad terms. This approach makes sense to me both in regards to keeping costs down and with regards to running fewer resource intensive applications. The specific details of ssj100's approach have not been thoroughly understood or assimilated as yet. But I did notice that ssj100's security setup specifically states it is for Windows XP (SP3?). I just moved from XP Pro SP3 to Windows 7.

I'm wondering how much of ssj100's security setup can be implemented in that OS? Are any major changes (methods of accessing a feature and/or altered names/verbiage) to watch? Additional issues, concerns or features to pay particular attention to? I would appreciate any assistance or advice.

I think I can define myself as an above-average user (in terms of knowledge). I've been using Firefox with NoScript, AdBlock Plus, Better Privacy, Link Alert and Locationbar2 for several years. Currently have Comodo CIS. Knew of, but was not using, Sandboxie (didn't have time to delve into it). Prefer wired networks, instead of wireless, because I understand intrinsically that they're simply more secure.

Thanks for your help.

PS: ssj100, you've got a broken link in your Setup message. The 3rd link should be http://www.mechbgon.com/srp/index.html; currently the link results in a 404 error.

sopaiwefo wrote:Hello, as a new member I'm not sure I've handled things correctly, if so please advise. Creating a new topic, instead of hijacking an existing one, was potentially less offensive.

No problem. Welcome to the forum!

sopaiwefo wrote:I've read through ssj100's security setup topic and understand it in broad terms. This approach makes sense to me both in regards to keeping costs down and with regards to running fewer resource intensive applications. The specific details of ssj100's approach have not been thoroughly understood or assimilated as yet. But I did notice that ssj100's security setup specifically states it is for Windows XP (SP3?). I just moved from XP Pro SP3 to Windows 7.

I'm wondering how much of ssj100's security setup can be implemented in that OS? Are any major changes (methods of accessing a feature and/or altered names/verbiage) to watch? Additional issues, concerns or features to pay particular attention to? I would appreciate any assistance or advice.

Take your time to go through the setup/approach. The principles of it remain the same on Windows 7:

1. Instead of LUA, it's called Standard User Account (SUA). I've been told the latest SuRun Betas work fairly well on Windows 7 too, although some potential problems remain ( http://ssj100.fullsubject.com/windows-hardening-f5/sua-srp-some-questions-t228.htm#1693 ). However, SuRun is not as essential on Windows 7 as it is on XP when running as a limited/standard user.
2. SRP is the same, except if you are lucky enough to have the Ultimate edition, I'd recommend using AppLocker instead.
3. DEP remains the same.
4. Sandboxie remains the same.
5. Windows Firewall/NAT Router remains the same. Note that Windows 7's firewall has the ability to control outbound connections too (not that this is required).
6. I no longer use a "system virtualiser" (e.g. Shadow Defender). I feel that if a suspicious file is suspicious enough (e.g. it comes from a clearly dodgy source), it probably should be handled in a full blown Virtual Machine. The disadvantage of handling it via a sandboxed explorer.exe is that you may initially browse the file on your REAL system (e.g. you recover the file out of the sandbox and on to your desktop). Most files these days are zipped/archived anyway though. Also, the chances of getting infected by files simply by browsing them is extremely small - the LNK exploit was a very rare attack vector (I don't think there's been any in-the-wild POCs or live malware like that since 2005). And anyway, SRP blocked that LNK exploit.
7. Image backing up remains the same.

sopaiwefo wrote:I think I can define myself as an above-average user (in terms of knowledge). I've been using Firefox with NoScript, AdBlock Plus, Better Privacy, Link Alert and Locationbar2 for several years. Currently have Comodo CIS. Knew of, but was not using, Sandboxie (didn't have time to delve into it). Prefer wired networks, instead of wireless, because I understand intrinsically that they're simply more secure.

I would recommend trying out Sandboxie. Take your time with it. Once you understand how it works and how to set it up nicely, you'll probably never look back. You can try the free version first before considering the full version (there's a life-time license available).

sopaiwefo wrote:PS: ssj100, you've got a broken link in your Setup message. The 3rd link should be http://www.mechbgon.com/srp/index.html; currently the link results in a 404 error.
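As an added example (my own script, not ssj100's setup or anything posted in this thread), the following read-only PowerShell audit reports the Windows 7 state of the setup points listed above: standard user, SRP default level, AppLocker executable rules, DEP policy, the Sandboxie service and the firewall's per-profile inbound/outbound policy. It assumes an English-language Windows 7 (the `netsh` parsing keys on English labels), the documented registry/WMI locations named in the comments, and the "want" values are my reading of what the setup aims for. Run it from the everyday standard account; it changes nothing, and the commands that would change DEP or the firewall policy are only noted in comments.

```powershell
# Added example, not ssj100's code: read-only audit of the Windows 7 versions of the
# setup points. Run as the everyday (standard) user; nothing here changes settings.
# Assumptions: English Windows 7 (netsh labels), documented registry/WMI locations,
# and "want" values that reflect the setup's intent (SRP Disallowed, DEP OptOut, ...).

function Test-StandardUser {
    # Point 1 (SUA): the everyday token must not carry the Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
}

function Get-SrpDefaultLevel {
    # Point 2 (SRP): machine-wide default security level. 0 = Disallowed (whitelist
    # mode, what the setup wants), 0x20000 = Basic User, 0x40000 = Unrestricted,
    # $null = no SRP policy has ever been written on this machine.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (Test-Path $key) { return (Get-ItemProperty -Path $key).DefaultLevel }
    return $null
}

function Get-AppLockerExeRules {
    # Point 2 (AppLocker, Ultimate/Enterprise only): enforcement mode and rule count
    # of the effective executable rule collection, read from the policy's XML form.
    if (-not (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue)) {
        return 'AppLocker cmdlets not available on this edition'
    }
    [xml]$policy = Get-AppLockerPolicy -Effective -Xml
    $exe = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
    if (-not $exe) { return 'no Exe rule collection' }
    $rules = @($exe.ChildNodes | Where-Object { $_.NodeType -eq 'Element' })
    return ('{0}, {1} rule(s)' -f $exe.EnforcementMode, $rules.Count)
}

function Get-DepPolicy {
    # Point 3 (DEP): boot-time policy from WMI. 0 = AlwaysOff, 1 = AlwaysOn,
    # 2 = OptIn (Windows default: system binaries only), 3 = OptOut (everything except
    # listed exceptions). Changed with "bcdedit /set nx OptOut" as admin plus a reboot.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $names = @('AlwaysOff', 'AlwaysOn', 'OptIn', 'OptOut')
    return $names[[int]$os.DataExecutionPrevention_SupportPolicy]
}

function Test-SandboxieService {
    # Point 4: Sandboxie installs the SbieSvc service; report whether it is running.
    $svc = Get-Service -Name SbieSvc -ErrorAction SilentlyContinue
    if ($svc) { return $svc.Status.ToString() }
    return 'not installed'
}

function Get-FirewallPolicies {
    # Point 5: default inbound/outbound action per profile (Domain, Private, Public).
    # To block outbound by default (ssj100 notes this is optional), as admin:
    #   netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    $result = @()
    $profile = ''
    foreach ($line in (netsh advfirewall show allprofiles)) {
        if ($line -match '^(\w+) Profile Settings') { $profile = $Matches[1] }
        elseif ($line -match '^Firewall Policy\s+(\S+)') {
            $result += ('{0}={1}' -f $profile, $Matches[1])
        }
    }
    return $result
}

function Get-HardeningReport {
    # One row per setup point: what was found next to what the setup wants.
    $rows = @(
        New-Object PSObject -Property @{ Check = 'Standard user (SUA)'; Value = Test-StandardUser;        Want = 'True' }
        New-Object PSObject -Property @{ Check = 'SRP DefaultLevel';    Value = Get-SrpDefaultLevel;      Want = '0 (Disallowed)' }
        New-Object PSObject -Property @{ Check = 'AppLocker Exe rules'; Value = Get-AppLockerExeRules;    Want = 'Enabled, >0 rules' }
        New-Object PSObject -Property @{ Check = 'DEP policy';          Value = Get-DepPolicy;            Want = 'OptOut' }
        New-Object PSObject -Property @{ Check = 'Sandboxie service';   Value = Test-SandboxieService;    Want = 'Running' }
        New-Object PSObject -Property @{ Check = 'Firewall policies';   Value = (Get-FirewallPolicies -join '; '); Want = 'BlockInbound,* per profile' }
    )
    return $rows | Select-Object Check, Value, Want
}

Get-HardeningReport | Format-Table -AutoSize
```

SRP and AppLocker are alternatives, so on Ultimate you would expect one of those two rows to show the whitelist in force and the other to be empty; a machine where both rows are empty is running without any application whitelisting at all, whatever the other rows say.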

Yes, I do have Windows 7 Ultimate, although I have not heard of AppLocker previously. If you have any reading recommendations, I would appreciate the suggestion.

Currently I have SUA + DEP, Comodo CIS (Firewall + AV) set up. SuRun betas are giving me an invalid link. I've downloaded the last stable version but it is not yet installed. Sandboxie is downloaded, installed, but not configured.

Should the installation order be exactly as shown in your Setup topic? I notice that SuRun might have issues with software installed prior to its installation.

A few other helpful W7 SUA links:
- Config W7 for a SUA
- LUA/SUA and highest UAC level overkill?
- Avoid UAC prompts by using an elevated program launcher
- How to avoid typing UAC credentials for selected programs

I personally install everything with SuRun in LUA. Some software writes to HKCU and creates shortcuts only for the current user; by using SuRun to install rather than using UAC (i.e. installing from the Admin account), that problem is solved.
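As an added example (mine, not Sadeghi's and not part of SuRun), here is a PowerShell function that shows where an installer actually put its footprint: the uninstall entry under HKLM versus HKCU, and Start Menu shortcuts under the all-users folder versus the current user's profile. It assumes the program can be identified by a substring of its uninstall DisplayName or shortcut name, and uses the standard Windows 7 `%ProgramData%` and `%APPDATA%` Start Menu paths. Run it from the standard account after an install: if the entries only exist in the admin account's HKCU and profile, you have hit exactly the problem described above.

```powershell
# Added example, not SuRun's or Sadeghi's code: report whether a program's uninstall
# entry and Start Menu shortcuts are machine-wide or limited to the current user.
# Assumption: the program is identified by a substring of its DisplayName/shortcut name.

function Get-InstallScope {
    param([Parameter(Mandatory = $true)][string]$Name)

    # Uninstall entries: HKLM (and the 32-bit view on 64-bit Windows) are machine-wide,
    # HKCU belongs to whichever account ran the installer.
    $uninstallKeys = @(
        @{ Scope = 'machine (HKLM)';         Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' },
        @{ Scope = 'machine (HKLM, 32-bit)'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall' },
        @{ Scope = 'current user (HKCU)';    Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall' }
    )
    # Shortcuts: %ProgramData% is shared by all accounts, %APPDATA% is per user.
    $shortcutDirs = @(
        @{ Scope = 'all users Start Menu';    Path = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs' },
        @{ Scope = 'current user Start Menu'; Path = Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs' }
    )

    $hits = @()
    foreach ($k in $uninstallKeys) {
        if (-not (Test-Path $k.Path)) { continue }
        foreach ($entry in (Get-ChildItem -Path $k.Path)) {
            $dn = (Get-ItemProperty -Path $entry.PSPath).DisplayName
            if ($dn -and $dn -like "*$Name*") {
                $hits += New-Object PSObject -Property @{ Kind = 'uninstall entry'; Scope = $k.Scope; Item = $dn }
            }
        }
    }
    foreach ($d in $shortcutDirs) {
        if (-not (Test-Path $d.Path)) { continue }
        foreach ($lnk in (Get-ChildItem -Path $d.Path -Recurse -Filter '*.lnk')) {
            if ($lnk.BaseName -like "*$Name*") {
                $hits += New-Object PSObject -Property @{ Kind = 'shortcut'; Scope = $d.Scope; Item = $lnk.FullName }
            }
        }
    }

    if ($hits.Count -eq 0) { Write-Warning "Nothing matching '$Name' found in either scope." }
    return $hits | Select-Object Kind, Scope, Item
}

# Usage from the standard account after installing, e.g.:
Get-InstallScope -Name 'Sandboxie' | Format-Table -AutoSize
```

A result that lists only "current user" rows, or nothing at all, while the program is visible from the admin account is the symptom Sadeghi describes; installing through SuRun keeps the installer's HKCU and profile writes in the standard user's own hive and profile.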

Thanks for the links tnegjm. Some interesting reading - although I must admit a few of the posts were technically over my head. I'm sure they will make sense once I'm more familiar with these applications/processes.

Yes, ssj100, I was trying to download from a translated page. Thanks for the tip. I was pretty sure it was user error, but I could not figure out how I was screwing up a simple mouse-click! I've downloaded and installed the latest beta.

I placed the real administrative account as a SuRunner in error. Before I make any other changes, and possibly lock myself out, can I delete the real admin account from SuRun without harm?

Thanks Sadeghi for the information. I deleted the real admin from SuRunners group.

Been busy the last few days with various tasks, but I've noticed a definite system slowdown since using this approach. I am sure that a part of my issue is Windows 7 and 2 GB of memory (since Win7 is more resource intensive than XP - even if more intrinsically secure). But additionally I know that some of this is due to the security approach taken. Comodo CIS (AV, Firewall and sandbox) might also be a large player in this issue.

I have not really had time to tweak settings and determine what is optimal.

sopaiwefo wrote:I think I can define myself as an above-average user (in terms of knowledge).

I would suggest you read all you can on UAC and LUA (SUA as ssj refers to it). You might enlighten yourself on SEHOP/DEP/ASLR and EMET. You might want to check out Integrity Levels as well.

Coming from XP, if you skipped Vista like I did, there are quite a few things that will be different. I say this because the amount of tools/utilities you have been used to using in XP may not be needed in win7, depending on what and how you do things.

Either way, understanding what is going on can only help you understand where the strengths are and where your weaknesses might present themselves. That is always a good thing.

Yes, I skipped over Vista. I was underwhelmed by its functionality. Win7 seems to be a decent OS with enough improvements to make the switch worthwhile.

As to Win7 Security, I really have not seen/read very much. I've tried looking online for Win7 books, but have not seen anything that really deals with security specifically. All are either superficial or overly complex; I'm looking for something in the middle.

Unfortunately real life has not been kind in the last week or so. Just too much going on.